GCP Professional Cloud Security Engineer Practice Question
A security team created an aggregated sink at the prod folder level with includeChildren set to true. The sink exports all Audit Logs generated in that folder to a BigQuery dataset that resides in a dedicated security-project. Soon after activation, the dataset starts to receive duplicate log entries that originate from the security-project itself, which is not part of the prod folder. You must keep exporting every audit log produced by projects in the prod folder, but avoid re-exporting any log entries that originate in the security-project. Which change will solve the problem with the least ongoing maintenance effort?
Reconfigure the existing folder-level aggregated sink to operate in non-intercepting mode so it ignores log entries that have already been exported to another sink.
Move the sink to the organization root and add an exclusion filter for logName:projects/security-project.
Delete the aggregated sink and create individual project sinks in every prod project, each exporting to the BigQuery dataset.
Edit the sink filter to add a condition that excludes any entries where resource.labels.project_id equals security-project.
Aggregated sinks have two operating modes. In their default non-intercepting mode they export log entries only if those entries haven't already been delivered to another sink further down the resource hierarchy. If an aggregated sink is switched to intercepting mode, it re-exports any log entry that matches its filter, even if that entry was already exported by another sink - including log entries created in the destination project. Because the team is seeing recursive exports from the security-project, the sink must currently be configured as intercepting. Returning it to the default non-intercepting behavior stops the recursion while still exporting all logs from child projects in the prod folder. The other options either introduce higher operational overhead (multiple project sinks or complex exclusion filters) or move the sink to a broader scope while still requiring manual exclusions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are aggregated sinks and how do they work in GCP?
Open an interactive chat with Bash
What does non-intercepting mode mean for an aggregated sink?
Open an interactive chat with Bash
Why does intercepting mode cause duplicate logs in this scenario?
Open an interactive chat with Bash
What is an aggregated sink in GCP?
Open an interactive chat with Bash
What is the difference between intercepting and non-intercepting modes in GCP aggregated sinks?
Open an interactive chat with Bash
How do exclusion filters work in GCP sinks?
Open an interactive chat with Bash
GCP Professional Cloud Security Engineer
Managing operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .